How to hide .env passwords in Laravel whoops output?
As of Laravel 5.5.13, you can censor variables by listing them under the key debug_blacklist in config/app.php. When an exception is thrown, whoops will mask these values with asterisks * for each character. For example, given this config/app.php return [ // … ‘debug_blacklist’ => [ ‘_ENV’ => [ ‘APP_KEY’, ‘DB_PASSWORD’, ‘REDIS_PASSWORD’, ‘MAIL_PASSWORD’, ‘PUSHER_APP_KEY’, ‘PUSHER_APP_SECRET’, ], … Read more